OpenJDK Security Update (8u322) (MINDBREEZE20551)

ID: MINDBREEZE20551 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 5.3 Medium 
Status: Final 
First published: June 29, 2022 
CVEs: CVE-2021-35578, CVE-2021-35603, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299 

Summary 

• CVE-2021-35578 OpenJDK: Unexpected exception raised during TLS handshake 
• CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes 
• CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl 
• CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager 
• CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 22.1 Release (Version 22.1.0.1309) 

• Mindbreeze InSpire SaaS 22.1 Release (Version 22.1.0.1309)